News

The Australian Information Commissioner lodged Federal Court proceedings against the social media giant, Facebook. The Information Commissioner found Facebook guilty of data privacy breach, which was also in conjunction with a breach of the country’s Privacy Act 1988. The breach affected 311,127 Australian Facebook users. If proven guilty, a maximum civil penalty of up to AUD$1,700,000 (approximately US$9,700,00) will be imposed on Facebook for each serious and/or repeated interference with privacy. Source: CISO Mag

Mozilla has announced plans today to remove support for the FTP protocol from Firefox. Going forward, users won't be able to download files via the FTP protocol and view the content of FTP links/folders inside the Firefox browser." We're doing this for security reasons," said Michal Novotny, a software engineer at the Mozilla Corporation, the company behind the Firefox browser. Source: ZD Net

A Florida company that offers guitar lessons online to millions of students around the world has suffered a data breach.Unauthorized access of TrueFire's computer system went on for six months before the breach was detected on January 10, 2020. In a data breach notification letter dated March 9, 2020, and signed by TrueFire Chief Customer Officer Ren Wright, users who made purchases via the website truefire.com between August 3, 2019, and January 14, 2020, were...

Security researchers at Kaspersky recently posted a warning of new Android malware that can steal cookies and gain control of its victims’ accounts. According to researchers, when the two malware modifications are combined, they can be used for stealing cookies collected by social media networking sites, as well as browsers themselves. After that, hackers can gain control of the victims’ accounts and discreetly manipulate what content they are seeing or further infect their system. Source:Beincrypto

A state-sponsored threat actor is attempting to deploy the Crimson Remote Administration Tool (RAT) onto the systems of targets via a spear-phishing campaign using Coronavirus-themed document baits disguised as health advisories. This nation-backed cyber-espionage is suspected to be Pakistan-based and it is currently tracked under multiple names including APT36, Transparent Tribe, ProjectM, Mythic Leopard, and TEMP.Lapis. Source: Bleeping Computer

Stalkerware called Monitor Minor gives users the ability to creep on a target’s missives swapped via Instagram, Skype and Snapchat. Researchers are sending up a red flag over the distribution of an aggressive stalkerware app called Monitor Minor. In a report released Monday, researchers said the Android version of the app gives stalkers near absolute control of targeted devices, going so far as allowing them to capture the unlock pattern or unlock code of phones....

Threat researchers at security company RiskIQ have identified a cyber-attack against blender vendor NutriBullet that has successfully installed credit card stealing malware on the international nutribullet.com website. Not just once, but three times within three weeks. Source: Forbes

Given the current state of uncertainty surrounding the coronavirus and many organizations mandating or recommending that employees work from home, KnowBe4 has a few security recommendations: Be on the lookout for emails or text messages related to COVID-19 and confirm the information directly with the vendor, bank or your boss. If an employee will be using shared equipment that their family also uses at home, ensure that the latest security updates are installed. Conduct a...

 In the midst of the global emergency caused by the Coronavirus pandemic, the Argentine government confirmed on March 14 that they suffered a hack on the website of their official gazette (Boletin Official) based on blockchain technology, where false statements regarding the coronavirus were spread. Source: Cointelegraph  

  Cyber-attackers have hacked the US Health and Human Services Department as America works hard to minimize the impact of the COVID-19 virus.  The intrusion occurred on Sunday night and is thought to have been motivated by a desire to slow the agency down and spread misinformation among the public. After compromising the department's system, attackers circulated a false claim that the American government planned to introduce a nationwide lockdown. Source: Info Security